Hot Takes

Bitcoin was born of the open source movement, the sort of passionate fervor that makes you want to scream STALLMAN! late in the night, while charging the Oracle campus gates. And open consensus model blockchains have added another layer of "open" to the mix: both software and consensus methods should be unencumbered by permissions for maximum libre!

So it's no surprise that talk of patents tends to get this community riled up. This week Blockstream announced its defensive patent strategy, which indeed involves seeking patents on some of the awesome tech they've been developing. But before you go grab a gnu-pitchfork or libre-flaming-torch, consider the alternative: a world where some outsider or troll gets patents to this technology and uses them to hold the entire ecosystem hostage. Blockstream is doing the right thing: seeking patents so they can be used (and only ever used) to defeat the claims of charlatans and trolls (our space has a few).

This is the same IP strategy that's been effectively employed by Google, Tesla, and a host of other cool kids who understand that innovation = open. We hope more companies and developers will join Blockstream in this effort.

We got a data dump of all the complaints about "virtual currency" filed with the CFPB.

This was thanks to a Freedom of Information Request filed by Muckrock News.

A first glance at the data left us scratching our heads. According to the CFPB response, there were a total of 5,177 complaints filed from 2011 to the end of 2015. Of those, the top ten companies complained about were:

Western Union Company - 1,003 complaints

MoneyGram - 784 complaints

PayPal - 435 complaints

Bank of America - 193 complaints

Wells Fargo - 167 complaints

JP Morgan Chase - 155 complaints

Citibank - 71 complaints

Ria - 42 complaints

Walmart - 39 complaints

PNC Bank - 11 complaints

Those are obviously not digital currency firms. So we took a look at the CFPB’s online complaint form and discovered that the agency has not yet developed a form specific to virtual currency complaints and therefore lumps in virtual currency complaints with complaints about traditional money transmission (see screenshot below). When the CFPB responded to the FOIA request asking for virtual currency complaints, the overwhelming majority of complaints they returned were therefore not related to “virtual currency”.

So, we went through the data, cleaned it up, and then marked all those firms that we could recognize as clearly related to digital currency. What we found is that there was only a grand total of 37 complaints against "virtual currency" companies over the five-year period.

Coinbase took pole position with 10 complaints, which makes sense given the large number of customers they have. “Bitcoin” itself had two complaints lodge against it. GAW Miners had four complaints, Bitcoin Trader three, and Butterfly Labs two. After those, the rest only had one complaint each, and they are as follows: Bitfinex, BitInstant, Bittrex, Blockchain, C-Cex.com, CampBx.com, CoinMX, igot, Local Bitcoins, minerslab, Moonasics, MtGox, PERBTC, Purse, and Terabox. Many of these will be recognizable as known scams, and we have previously explained why there are so many Bitcoin scams.

In August 2014 the CFPB announced that “consumers who encounter a problem with a virtual currency product or service can now submit a complaint with the Bureau.” No doubt the agency wanted to see how widely consumers were being affected by the risks it had previously identified with digital currency. It’s remarkable, then, that in five years of data there have been so few complaints, and that so many of the products and services in the space are completely absent. Let’s keep it up.

Whereas blockchain technology with the appropriate protections has the potential to fundamentally change the manner in which trust and security are established in online transactions through various potential applications in sectors including financial services, payments, health care, energy, property management, and intellectual property management

It then calls for “a national policy to encourage the development” to encourage these technologies and their use.

It’s important to note that a House Resolution, if passed, only sets forth the sense of the House of Representatives (and not necessarily the Senate) about what kind of policy the federal government should adopt, either through future legislation or through agency rule-making. It’s not binding and it’s not specific, but it is a good way for the House to communicate in what direction it would like to see government policy move.

The proposed House Resolution from Rep. Kinzinger shows that many in Congress understand that the federal government should adopt policies that encourage blockchain innovations to flourish. That means a national fintech charter from the Office of the Controller of the Currency, as well as smart treatment of cryptocurrencies by the SEC, CFTC, FinCEN, and others.

A law firm just filed a petition with the CFTC asking for a "comprehensive rulemaking" on Bitcoin.

Steptoe and Johnson, which has many Bitcoin industry clients, is asking that the commission clarify what constitues as “actual delivery” of bitcoins after a transaction.

As Houman Shadab, Andrea Castillo, and I explained in one of the first law review articles on this topic, this matters because if a trade results in actual delivery of bitcoins (rather than deferred delivery or simply receiving contract rights to bitcoins) the exchange is exempt from certain commodities futures regulations.

The recent CFTC order against Bitfinex has prompted this call for greater clarity. The petition explains:

In the Bitfinex Order, the Commission found that Bitfinex, a Hong Kong based online platform for exchanging and trading cryptocurrencies, violated certain CEA provisions by engaging in retail-financed commodity transactions in bitcoin that did not result in “actual delivery” under CEA … Specifically, the Commission found that the margin transactions were within the scope of the Retail Commodity Transactions provision because the transfer of cryptocurrency from one person’s account to another’s did not satisfy the requirement of “actual delivery” to exclude the transactions from the jurisdictional reach of the CEA.

If the Commission takes up such a rulemaking, we’ll be looking at whether “actual delivery” can be said to take place when ownership of bitcoin is changed on a third party’s books, or only when a transfer happens on the blockchain. And when does a transfer actually happen on the blockchain? Fun times ahead.

The legal test for what is and is not considered a security is pretty flexible. Beyond the financial instruments that obviously fit the bill, things as weird as orange groves and country club memberships have been regulated as securities too.

DAOs are about as weird as it gets. Things can get muddy very quickly for regulators seeking to understand their purpose and how their work. Recently our director of research Peter Van Valkenburgh went on The Ether Review podcast to discuss the work we have done in educating securities regulators about the finer points of DAOs and other cryptotoken based crowdfunds.

The episode was recorded before theDAO was exploited but foresaw a number of pertinent issues. This makes it an even more interesting primer on the regulatory issues raised by these novel corporate structures.

That’s a question we’re frequently asked, and the reason we’re asked this so often is because we rarely talk about what we actually do day-to-day. We don’t talk about it because a lot of it is meeting with policymakers to explain how cryptocurrencies work and to discuss how the law should treat them (i.e. generally leave them alone), and it’s not really polite to hold a private meeting and then send out a press release about it.

The problem, though, is that this approach isn’t very transparent, and folks end up having no idea what it is we do. So, we’ve thought about it and realized there’s quite a bit we can share either because it’s public or because we can generally say what we did. So we’re going to give you an update from time to time on what we’ve been up to. Here are some highlights of what we did this week:

We attended attended Consumer Research’s Bretton Woods conference, at which Peter moderated a panel with representatives from the FTC and NIST.

We gave a two-hour briefing to the World Bank’s digital currency working group, focusing on how permissionless blockchains work and reach consensus.

We gave a briefing to program officers and staff at the Center for International Private Enterprise.

While I think it’s very heartening they seem to draw a distinction between custodial and non-custodial wallet services, Bitcoin Magazine reports that some in the Netherlands are unsure what would qualify as “custodial” and what wouldn’t. Bitonic CEO Jouke Hofman:

Under the current provision, it’s not that clear who or what the regulation applies to, exactly. It covers wallet providers that hold onto private keys of their users. But does it also include wallet providers that hold onto one key for a two-of-three multisig address? What if bitcoins are time-locked and wallet providers cannot spend the funds now, but perhaps in the future? And if the regulation applies to any key holder, where does the definition of a wallet provider begin? Could the regulation perhaps even apply to Lightning Network nodes?

This kind of uncertainty is exactly why we need absolutely clear language both in AML and consumer protection rules. Typically you want to avoid over-specifying when you draft a law, but in this case you want to be as clear and specific as possible to make sure you are exempting applications that should not be covered. For example, here’s the definition of “control” (i.e. custodial) that we helped the ULC develop for its draft Virtual Currency Business Act:

(3) “Control” means possession of sufficient virtual currency credentials or authority on a virtual currency network to execute unilaterally or prevent indefinitely virtual currency business transactions. The term does not include possession, for a reasonably time-limited period, of virtual currency credentials sufficient to prevent virtual currency transactions to provide a service such as an escrow, provided that the user is able to regain unilateral rights to execute transactions following the period in which the escrow was in effect.

We think such clear language would address all of Hoffman’s questions.

Experimenting with putting highly personal data in immutable data stores is fraught with danger. To avoid undermining trust in government’s use of data, DWP should be much more open and transparent about the policy objective of these trials, the safeguards they are putting in place to limit the risks and the lessons being learnt through the trial.

And that's a reasonable concern. As tools, blockchains are better at provably revealing truthful information than they are at obscuring information; they are engines for trustworthy agreement not privacy. Even Bitcoin lacks robust privacy or anonymity for transactions (which is why the continued development of ZCash and Confidential Transactions is so important).

But it's not the supposed use of a "blockchain" that has me worried in this GovCoin case. I can't find the source code for this trial tech anywhere, and have to suspect that the software is proprietary. The public can only judge the privacy of a technology if the software can be openly audited. Bitcoin and other cryptocurrencies are powered by open source software, anyone can look at every detail of its technical specification. We should expect no less from a blockchain software stack employed by a government.

Banks and other businesses continue to receive extortion demands to be paid in virtual currency in exchange for preventing or stopping distributed denial of service attacks or for the decrypting or return of proprietary information.

The report cites a McAfee study finding that ransomware samples are one the rise. As we have noted before, cryptocurrencies are not a but-for cause of these attacks. Rather, threats like ransomware depend on poor cybersecurity, which has nothing to do with digital currencies.

The second mention of “virtual currency” in the report reads in its entirety:

New platforms and technologies, such as virtual currencies, enable anonymity for cyber criminals, including terrorists and other groups seeking to transfer and launder money globally. These methods not only pose substantial challenges for compliance with the Bank Secrecy Act and Anti-Money Laundering (BSA/AML) laws and regulations, but also help cyber criminals raise funds to pay for physical and cyber attacks.

A new NYSE-traded Bitcoin ETF is about to give the Winklevoss Bitcoin Trust a run for its money.

It’s called the SolidX Bitcoin Trust and its S–1 was filed with the SEC today. The most interesting contrast between the two proposed funds is what happens if their bitcoins are lost or stolen. In its S–1 filing, the Winklevoss explained that:

The Trust will not insure its bitcoin. … Therefore, Shareholders cannot be assured that the Custodian will maintain adequate insurance or any insurance with respect to the bitcoin held by the Custodian on behalf of the Trust. Furthermore, Shareholders’ recourse against the Trust, Custodian and Sponsor under [New York] law governing their custody operations is limited. … Consequently, a loss may be suffered with respect to the Trust’s bitcoin which is not covered by insurance and for which no person is liable in damages.

In a recent filing with the SEC, the fund’s Bats Exchange explained that:

The Custodian has evaluated different insurance policy options and determined not to obtain coverage at this time due to insurers’ lack of understanding and sophistication with respect to Digital Assets, which has led to a thin marketplace of policies that are (i) not priced in an actuarially-fair manner and (ii) don’t properly model relevant loss vectors. Unfortunately, an efficient and effective marketplace for bitcoin insurance has not yet developed.

Despite all that, in its S–1 filing today, SolidX reports that it has secured insurance for its bitcoin holdings:

The Trust will maintain crime, excess crime and excess vault risk insurance coverage underwritten by various insurance carriers. The purpose of the insurance is to protect shareholders against loss or theft of the Trust’s bitcoin. The insurance will cover loss of bitcoin by, among other things, theft, destruction, bitcoin in transit, computer fraud (i.e., hacking attack) and other loss of the private keys that are necessary to access the bitcoin held by the Trust.

That’s quite a stark contrast. Coin Center has previously worked with Lloyds of London to help it and its insurance market participants understand the challenges and risks of securing bitcoins. You can read our report for Lloyd’s here.